Abstract: A method of protecting the exchange of privacy-sensitive data in a wireless communication network, the method including generating and providing a public cryptographic key to a first entity, possessing the data to be sent to the network through a wireless connection; generating and providing a private secret cryptographic key to a second entity, being the intended recipient of the data, the private key being bound to the public key and being associated to privacy support context information to identify the network; having the network send to the first entity respective wireless network privacy support context information; having the first entity receive the information and encrypt the data using the public key and the received information to obtain protected, encrypted privacy-sensitive data; having the first entity send to the second entity through the network the encrypted data; and having the second entity decrypt the encrypted data exploiting the private key.

Abstract: A method of protecting the exchange of privacy-sensitive data in a wireless communication network, the method including generating and providing a public cryptographic key to a first entity, possessing the data to be sent to the network through a wireless connection; generating and providing a private secret cryptographic key to a second entity, being the intended recipient of the data, the private key being bound to the public key and being associated to privacy support context information to identify the network; having the network send to the first entity respective wireless network privacy support context information; having the first entity receive the information and encrypt the data using the public key and the received information to obtain protected, encrypted privacy-sensitive data; having the first entity send to the second entity through the network the encrypted data; and having the second entity decrypt the encrypted data exploiting the private key.

Abstract: In a communications network including at least one authentication entity adapted to authenticating a network access requestor in order to conditionally grant thereto access to the communications network, wherein the authenticating is based on public key cryptography, a method for automatically provisioning the network access requestor with service access credentials for accessing an on-line service offered by an on-line service provider accessible through the communications network.

Abstract: In a wireless communications network including at least one authenticator and at least one authentication server, wherein the authenticator is adapted to interact with the authentication server for authenticating supplicants in order to conditionally grant thereto access to the wireless communications network, a short authentication method for authenticating a supplicant, the method including: providing a shared secret, shared by and available at the supplicant and the authentication server; having the supplicant provide to the authenticator an authentication token, wherein the authentication token is based on the shared secret available thereat; having the authenticator forward the authentication token to the authentication server; having the authentication server ascertain an authenticity of the received authentication token based on the shared secret available thereat; in case the authenticity of the authentication token is ascertained, having the authentication server generate a first authentication key b

Abstract: A system for controlling access of a mobile terminal to a communication network including a set of terminals, wherein said mobile terminal obtains access to the network as a result of a successful authentication procedure. The system includes an authenticator module for performing the authentication procedure of the mobile terminal and a communication mechanism configured for making the successful outcome of the authentication procedure known to the terminals in the set. The mobile terminal is thus permitted to access the network via any of the terminals in the set based on the authentication procedure.

Abstract: A method for security in a passive optical network is disclosed. The method includes, at an optical line termination (OLT): detecting an optical termination device and establishing a connection with the device; generating a first authentication message including a first random number; and transmitting the first authentication message through the established connection. At the optical termination device, the method may include: receiving the first authentication message; calculating a first authentication code by using the first random number and a secret code stored at the device; and generating and transmitting to the OLT a second authentication message including the first authentication code.

Abstract: A method of enforcing security policies in a mobile ad-hoc network, includes: entrusting at least one first network node along a data traffic route from a data traffic origin node to a data traffic destination node, with the enforcing of predefined security policies on the data traffic; and entrusting at least one second network node, distinct from said first network node, with the control of the enforcement of the security policies by the first network node.

Abstract: A method for localizing an optical network termination (ONT) of a passive optical network is disclosed. The passive optical network comprises an optical line terminal (OLT) and an optical distribution network (ODN) having a plurality of optical links. The ONT is connectable to the OLT by a given optical link of the optical distribution network. The method includes the steps of detecting that the ONT has been connected to the OLT by an optical link of the optical distribution network; determining length information indicative of a length of the optical link; comparing the length information with a reference length information indicative of a length of the given optical link; and if the length information matches the reference length information, localizing the ONT by confirming that it is connected to the OLT by the given optical link.

Abstract: A method for localizing an optical network termination (ONT) of a passive optical network is disclosed. The passive optical network comprises an optical line terminal (OLT) and an optical distribution network (ODN) having a plurality of optical links. The ONT is connectable to the OLT by a given optical link of the optical distribution network. The method includes the steps of detecting that the ONT has been connected to the OLT by an optical link of the optical distribution network; determining length information indicative of a length of the optical link; comparing the length information with a reference length information indicative of a length of the given optical link; and if the length information matches the reference length information, localizing the ONT by confirming that it is connected to the OLT by the given optical link.

Abstract: A method for security in a passive optical network is disclosed. The method includes, at an optical line termination (OLT): detecting an optical termination device and establishing a connection with the device; generating a first authentication message including a first random number; and transmitting the first authentication message through the established connection. At the optical termination device, the method may include: receiving the first authentication message; calculating a first authentication code by using the first random number and a secret code stored at the device; and generating and transmitting to the OLT a second authentication message including the first authentication code.

Abstract: At least one user is given access to a respective home operator over a communication network such as an IP network, via an access network and through any of a plurality of supported visited networks. The user is communicated a list of the supported visited networks and is thus given the possibility of selecting one of the supported visited networks as the path for reaching the respective home operator.

Abstract: A method of enforcing security policies in a mobile ad-hoc network, includes: entrusting at least one first network node along a data traffic route from a data traffic origin node to a data traffic destination node, with the enforcing of predefined security policies on the data traffic; and entrusting at least one second network node, distinct from said first network node, with the control of the enforcement of the security policies by the first network node.

Abstract: In a wireless communications network including at least one authenticator and at least one authentication server, wherein the authenticator is adapted to interact with the authentication server for authenticating supplicants in order to conditionally grant thereto access to the wireless communications network, a short authentication method for authenticating a supplicant, the method including: providing a shared secret, shared by and available at the supplicant and the authentication server; having the supplicant provide to the authenticator an authentication token, wherein the authentication token is based on the shared secret available thereat; having the authenticator forward the authentication token to the authentication server; having the authentication server ascertain an authenticity of the received authentication token based on the shared secret available thereat; in case the authenticity of the authentication token is ascertained, having the authentication server generate a first authentication key b

Abstract: In a communications network including at least one authentication entity adapted to authenticating a network access requestor in order to conditionally grant thereto access to the communications network, wherein the authenticating is based on public key cryptography, a method for automatically provisioning the network access requestor with service access credentials for accessing an on-line service offered by an on-line service provider accessible through the communications network.

Abstract: A system for controlling access of a mobile terminal to a communication network including a set of terminals, wherein said mobile terminal obtains access to the network as a result of a successful authentication procedure. The system includes an authenticator module for performing the authentication procedure of the mobile terminal and a communication mechanism configured for making the successful outcome of the authentication procedure known to the terminals in the set. The mobile terminal is thus permitted to access the network via any of the terminals in the set based on the authentication procedure.

Abstract: At least one user is given access to a respective home operator over a communication network such as an IP network, via an access network and through any of a plurality of supported visited networks. The user is communicated a list of the supported visited networks and is thus given the possibility of selecting one of the supported visited networks as the path for reaching the respective home operator.